A hacker gang has allegedly collected and dumped 500,000 login credentials belonging to users of a popular VPN product from cybersecurity firm Fortinet.

The threat actor, dubbed Orange, leaked the trove of usernames and passwords on a dark web forum.While cybercriminals will often try to sell such data or use it for their own nefarious purposes, Orange apparently posted the large haul of information for free.

The accounts are believed to have been compromised via a previously discovered vulnerability in the product. In April, federal agencies warned of multiple security flaws in Fortinet’s VPN that could allow hackers access.

Orange is thought to be a member of the ransomware gang “Groove.” They are reputed to have also previously worked for Babuk Ransomware.

Groove recently launched a new cybercrime forum called RAMP and researchers have theorized that the gang may have leaked the VPN accounts as a way of drawing attention to their new business venture.The threat actor responsible for the leak has claimed that many of the credentials are still valid.

The credentials are reportedly tied to 498,908 users and 12,856 devices the likes of which are sourced from as many as 74 different countries. The largest share of credentials comes from India, though Italy, France, and Israel also have sizable shares.